I just setup Nextcloud for me, and noticed that Admin account gets to see all files from all users. Admin does not see this through the web page interface, but Admin can connect via SSH to the server where Nextcloud is running, and then via command line go all folders what other users have created. Is there a way to block that?
Well… effectively… no. The only thing you can do about this is to encrypt all data at rest. NC offers this through the default encryption app and then enable the server side encryption.
Beware though, that this puts some considerable implications on your setup. File sizes will be up to 30% higher, loosing the encryption keys will render your data useless to you or your users. Thus you will need to have a reliable backup, which is executed regularly.
Thanks for the comment. I think encryption in my case is a bit overkill. The plan is to use this within our family, with no ultra-secret content. I just have to warn other family members about this… Is this encryption a system-wide parameter, or is it possible to enable it to only some of the users?
No, actually server side encryption encrypts the whole data folder. Please read up here for more information:
If there’s someone who don’t trust you, then he/she have to use Boxcryptor or similar app to encrypt files before your server.
Nextcloud’s e2e encryption is still not working properly.
Thanks both, this cleared the case